c18e91fedad79cf98044d7a754dd39b673018e28dc6935bc9d63515b8d91a6be

Analysis

max time kernel
125s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 16:19

Target

351650a422e427140d74d8c68185fa24.exe
Size

1.1MB
MD5

351650a422e427140d74d8c68185fa24
SHA1

c20e19d924a55302e8d642ced835643df817b408
SHA256

c18e91fedad79cf98044d7a754dd39b673018e28dc6935bc9d63515b8d91a6be
SHA512

b2b48979e2e93ddecf931e7b32a8678204fe3227deb3d14a1b0a5e37dc6184250849e1212ccf33f204ae4445cc4d45660463328c2fc0f1944ba66c40440bcd39
SSDEEP

24576:4AHnh+eWsN3skA4RV1Hom2KXMmHa1njQfaHqX94tnjcHjajCF45N5:/h+ZkldoPK8Ya1njwaKXKtnjjjPF

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4272	.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/files/0x000800000002355b-14.dat	autoit_exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4428	4272	WerFault.exe	92

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4272	.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Suspicious use of SendNotifyMessage 4 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 4272	2172	351650a422e427140d74d8c68185fa24.exe	92
PID 2172 wrote to memory of 4272	2172	351650a422e427140d74d8c68185fa24.exe	92
PID 2172 wrote to memory of 4272	2172	351650a422e427140d74d8c68185fa24.exe	92
PID 4272 wrote to memory of 448	4272	.exe	93
PID 4272 wrote to memory of 448	4272	.exe	93
PID 4272 wrote to memory of 448	4272	.exe	93
PID 4272 wrote to memory of 448	4272	.exe	93

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4272 -ip 4272
1⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4068,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
1⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\autE5CC.tmp

Filesize
264KB

MD5
1306778ea7672dcf0feeaaccefc7834b

SHA1
c66a3f38bb0ad064904e0b0d8f4a68974a4156ea

SHA256
62f03de61df004c2f9d1ccda1b7daa295bead15f9e4f7d3b04d2492dab0fd399

SHA512
357b4e97722418735f322ba37634b911c31246eed9926e30bd9971b5854806625a5c3a48c8c57c691f7684d57612d12a6166330918c81e82e1663ea63bcfa923

Download Submit
C:\Users\Admin\AppData\Local\Temp\epistemology

Filesize
28KB

MD5
0de4d7b8073ad67d27c7338427739ba8

SHA1
235472c2ddb2328e0e27a672fd4de7e2b6127cee

SHA256
9222c42a295fd21a6f0fa829726b4d3ef89d4ebb0cc5f69fb89c55c52cefd74e

SHA512
045341c98a723ca0d97112d574e279e38976b93f988ff72e572f2025d5e2a5617a679cf842fbfe509d54977af21dfb31adff2c84e686cc434fcfba6d78ed746b

Download Submit
C:\Users\Admin\AppData\Local\directory\.exe

Filesize
1.1MB

MD5
351650a422e427140d74d8c68185fa24

SHA1
c20e19d924a55302e8d642ced835643df817b408

SHA256
c18e91fedad79cf98044d7a754dd39b673018e28dc6935bc9d63515b8d91a6be

SHA512
b2b48979e2e93ddecf931e7b32a8678204fe3227deb3d14a1b0a5e37dc6184250849e1212ccf33f204ae4445cc4d45660463328c2fc0f1944ba66c40440bcd39

Download Submit
memory/2172-12-0x0000000003D50000-0x0000000003D54000-memory.dmp

Filesize
16KB

Download